Mismatch with Checksums?

  • Greetings,

    It appears the checksums for the current build on the i386 branch (i.e. pfSense-Full-Update-2.0-RC3-i386-20110812-0745.tgz) are not matching up with the associated md5 and sha256 files.  Following are the files I used to verify the download:

    –> pfSense-Full-Update-2.0-RC3-i386-20110812-0745.tgz.md5

    -->  pfSense-Full-Update-2.0-RC3-i386-20110812-0745.tgz.sha256

    Last modified timestamp indicates:

    --> 12-Aug-2011 09:39

    Also noticed Auto Update could not verify the image of the update.  Got the following error message:

    --> php: /system_firmware_auto.php: The command '/usr/local/sbin/gzsig verify /etc/pubkey.pem < '/root/latest.tgz'' returned exit code '3', the output was 'Invalid gzip file Couldn't verify input'

    Is this a known issue, or something else?

  • Netgate Administrator

    MD5 checksum verifies fine for me.
    Your download is probably corrupt.


  • Downloaded the file again and the checksums now match.


  • After downloading the file a second time and verifying the checksums matched, I got the following message when attempting to upload the firmware update:

    **This image is not digitally signed.
    This means that the image you uploaded is not an official/supported image and may lead to unexpected behavior or security compromises. Only install images that come from sources that you trust, and make sure that the image has not been tampered with.

    Do you want to install this image anyway (on your own risk)?**

    For the record, the firmware update I attempted to upload was pfSense-Full-Update-2.0-RC3-i386-20110812-1427.tgz (i.e. http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_RELENG_2_0/updates/pfSense-Full-Update-2.0-RC3-i386-20110812-1427.tgz) with last modified timestamp of 12-Aug-2011 16:26.

    This appears to be consistent re: Auto Update not able to verify the update in webConfigurator.  Are snapshots digitally signed and/or is this normal behavior?

  • Netgate Administrator

    The daily snapshots are not signed.
    Only the releases on the mirrors are signed.
    This is normal behaviour. If you want/need to use the latest snapshots you need to check the 'Allow auto-update firmware images with a missing or invalid digital signature to be used' box in System: Firmware: Updater Settings.


Log in to reply